Snort mailing list archives

Re: spp_portscan

From: Phil Wood <cpw () lanl gov>
Date: Tue, 18 Dec 2001 09:47:39 -0700

portscan does not understand that syntax.  Try space separated ip
addresses.

On Tue, Dec 18, 2001 at 06:33:39AM -0500, David Gitman wrote:

My DNS server (only my secondary) keeps showing up as a port scan.  I
set 
 
var DNS_SERVERS [166.84.143.28/32,198.7.0.2/32]
 
but still am seeing 
 
12/18-06:30:22.075845  [**] [100:2:1] spp_portscan: portscan status from
198.7.0.2: 1 connections across 1 hosts: TCP(0), UDP(1) [**]
 
any suggestions?
 
Thanks,
 
David Gitman
david () gitman net
www.gitman.net


-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

spp_portscan David Gitman (Dec 18)
- Re: spp_portscan Phil Wood (Dec 18)
- <Possible follow-ups>
- RE: spp_portscan Hytham Abu-Safieh (Dec 18)